Cyber-experts ponder response to attacks

Internet assaults may trigger protest, but not use of force

WASHINGTON – A lot of people are saying this is cyber-war. But if the Internet attack on U.S. Web sites was an assault by North Korea or some other foreign government, what good responses are in the U.S. arsenal?

“The short answer is probably 'Not a heck of a lot,' ” said James Lewis, a senior fellow at the Center for Strategic and International Studies.

Defense and cyber-analysts said yesterday that chances are high that very little will be done to whoever orchestrated several days of attacks against Web sites, including the White House and Pentagon as well as sites in South Korea. That's largely because the investigation is unlikely to figure out who did it.

Even if it is determined that another nation was behind the attacks, the possible responses are hardly warlike: trade sanctions, diplomatic protests or a complaint before the United Nations.

“You could eject an attaché, recall your ambassador and throw out their ambassador,” Lewis said. That's not possible with North Korea, he noted of a main suspect in the attacks, because Pyongyang doesn't have an embassy in the United States.

But war? Military action? No one is talking about that. Any punishment needs to fit the crime, analysts said, and this doesn't meet the threshold of an act of war.

“I don't think this kind of attack merits the use of force,” said Kristin Lord, national security expert at the Center for a New American Security.

“It's annoying, a little embarrassing, but it's not a big deal,” Lewis said, meaning that no major damage was done.

But others think retaliation might be called for, strong enough to send a stiff message, perhaps even a similar dose of the U.S. military's offensive cyber-capability.

U.S. officials routinely refuse to talk about either computer defenses or computer attacks the United States might have launched. But U.S. cyber-retaliation could range from a passive intrusion such as listening in on a foe's communications to an attack that cripples an enemy's air-defense systems to clear the way for a bomber attack.

A counterstrike on an attacker's computer network could be launched, Lewis said, but it would be extremely difficult.

“This is a gray area,” said Stewart Baker, who worked on cyber-security at the Department of Homeland Security. “But if you know that the North Koreans were doing this, then at a minimum I would have thought you'd be entitled to do the same thing to them to show that you didn't like it.”

If the attacks caused harm to anyone, “You get more serious, and start thinking and talking about it as an act of war or at least state-sponsored violence,” said Michael O'Hanlon, a defense analyst at the Brookings Institution.

Although the recent computer attacks are considered by many experts to be little more than a nuisance to public Web sites, the incident raised anew old criticism that the U.S. government's policies on cyber-warfare are shrouded in secrecy, ill-formed and require broad public debate.

“There's a lot of thinking that needs to be done about how to respond to attacks like this and what the threshold is for responding to cyber-attacks, with other means, whether they be economic sanctions or even military force,” Lord said.

The assault involved more than 100,000 “zombie” computers, used by someone without their owners' knowledge and linked together in a network known as a “botnet.” Most of those computers were in South Korea, but others were in Japan, China, the United States and possibly other countries.

“If you shoot back at the computers that actually launched the attack, then you're hitting third parties who probably don't even know they were involved,” Lewis said.

“And if you go out over the networks to strike back at Pyongyang, how can you be sure you're not accidentally going to also take down Japan at the same time?”

Said Lewis: “You could end up shooting the wrong guy.”

Yesterday, a third wave of cyber-attacks hit South Korea but caused little disruption, with six of seven Web sites affected quickly back up and running.

“The damage from the latest attack appears to be limited because those sites took necessary measures to fend off the attack,” said Ku Kyo-young of the state-run Korea Communications Commission.

South Korean and U.S. officials have implicated North Korea in the attacks but have offered little evidence to back up their claims.